Cookie authentication bypass in Alguest

Summary

Vulnerability: Cookie authentication bypass in Alguest
Discovered: 2010.11.20
Last Update: n/a n/a
ID: EV0152
CVE: n/a
Risk Level: high
Type: Authentication Bypass
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: Alguest (http://sourceforge.net/projects/alguest/)
Version: 1.1c-patched
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

An authentication bypass was found in the Alguest (http://sourceforge.net/projects/alguest/) script.

Cookie Authentication Bypass
The admin.php, opzioni.php, elimina.php and modifica.php scripts lack proper cookie-based authentication. This exposes the administration functions.

PoC/Exploit

Cookie Auth Bypass
There is no real password comparison for the admin user. The administration scripts check only for the existence of the admin cookie.

Cookie: admin=anyvalue

Solution

Solution for "Cookie authentication bypass in Alguest" is not available. Check vendor's website for updates.
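
With no vendor fix available, the following added example (not Alguest source code and not part of the original advisory) contrasts the existence-only cookie check described above with a server-side session check that an administrator could place in front of the affected scripts. All function names, the is_admin session key and the demo password are hypothetical or constructed.

```php
<?php
// Added example; not Alguest source code. Function names, the 'is_admin'
// session key and the demo password are hypothetical/constructed.

// Pattern the advisory describes: only the cookie's existence is tested.
function weak_is_admin(array $cookies): bool {
    return isset($cookies['admin']);
}

// Hardened: the admin flag lives server-side in the session and is set
// only after a real password comparison against a stored hash.
function login(string $password, string $storedHash): bool {
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);   // fresh session ID on privilege change
    $_SESSION['is_admin'] = true;
    return true;
}

function is_admin(): bool {
    return ($_SESSION['is_admin'] ?? false) === true;
}

// Each admin script would call this right after session_start().
function require_admin(): void {
    if (!is_admin()) {
        http_response_code(403);
        exit('Forbidden');
    }
}

session_start([
    'use_strict_mode' => true,
    'cookie_httponly' => true,
    'cookie_secure'   => true,     // assumes the site is served over HTTPS
    'cookie_samesite' => 'Strict',
]);

if (PHP_SAPI === 'cli') {   // offline demo with constructed values
    $hash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);
    var_dump([
        'weak check, admin=anyvalue' => weak_is_admin(['admin' => 'anyvalue']),
        'hardened, before login'     => is_admin(),
        'wrong password accepted'    => login('wrong-guess', $hash),
        'right password accepted'    => login('constructed-demo-password', $hash),
        'hardened, after login'      => is_admin(),
    ]);
}
```

The browser then holds only a random session identifier, so a client-chosen cookie value no longer decides whether a request is treated as administrative.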